A1.2 | Availability Commitments | Availability | SOC 2 | High | IT | Control requires remediation and/or additional evidence for audit readiness.
CC1.1 | Integrity and Ethical Values | Control Environment | SOC 2 | — | Platform | Control implemented and evidence collected for demo audit review.
CC2.1 | Board Oversight | Communication & Information | SOC 2 | High | Engineering | Control requires remediation and/or additional evidence for audit readiness.
CC6.1 | Logical Access Controls | Logical and Physical Access Controls | SOC 2 | — | GRC | Control implemented and evidence collected for demo audit review.
CC7.2 | System Monitoring | System Operations | SOC 2 | Low | Security | Control requires remediation and/or additional evidence for audit readiness.
CC8.1 | Change Management | Change Management | SOC 2 | High | Compliance | Control requires remediation and/or additional evidence for audit readiness.
A.5.1 | Policies for Information Security | Organizational Controls | ISO/IEC 27001 | — | IT | Control implemented and evidence collected for demo audit review.
A.5.15 | Access Control | Organizational Controls | ISO/IEC 27001 | — | Platform | Control not applicable in this demo assessment scope.
A.5.23 | Information Security for Cloud Services | Organizational Controls | ISO/IEC 27001 | Medium | Engineering | Control requires remediation and/or additional evidence for audit readiness.
A.8.15 | Logging | Technological Controls | ISO/IEC 27001 | — | GRC | Control implemented and evidence collected for demo audit review.
A.8.16 | Monitoring Activities | Technological Controls | ISO/IEC 27001 | High | Security | Control requires remediation and/or additional evidence for audit readiness.
A.8.28 | Secure Coding | Technological Controls | ISO/IEC 27001 | — | Compliance | Control implemented and evidence collected for demo audit review.
DE.CM-01 | Continuous Monitoring | Detect | NIST Cybersecurity Framework | High | IT | Control requires remediation and/or additional evidence for audit readiness.
GV.RM-01 | Risk Management Strategy | Govern | NIST Cybersecurity Framework | Medium | Platform | Control requires remediation and/or additional evidence for audit readiness.
ID.AM-01 | Asset Inventory | Identify | NIST Cybersecurity Framework | — | Engineering | Control implemented and evidence collected for demo audit review.
PR.AA-01 | Identity and Access Management | Protect | NIST Cybersecurity Framework | — | GRC | Control not applicable in this demo assessment scope.
RC.CO-01 | Recovery Communications | Recover | NIST Cybersecurity Framework | Medium | Security | Control requires remediation and/or additional evidence for audit readiness.
RS.RP-01 | Response Plan Execution | Respond | NIST Cybersecurity Framework | — | Compliance | Control implemented and evidence collected for demo audit review.
1.1 | Establish and Maintain Detailed Enterprise Asset Inventory | Inventory and Control of Enterprise Assets | CIS Controls | Medium | IT | Control requires remediation and/or additional evidence for audit readiness.
13.1 | Centralize Security Event Alerting | Network Monitoring and Defense | CIS Controls | — | Platform | Control implemented and evidence collected for demo audit review.
17.3 | Test and Update Incident Response Process | Incident Response Management | CIS Controls | High | Engineering | Control requires remediation and/or additional evidence for audit readiness.
4.1 | Establish and Maintain a Secure Configuration Process | Secure Configuration of Enterprise Assets and Software | CIS Controls | Medium | GRC | Control requires remediation and/or additional evidence for audit readiness.
5.1 | Establish and Maintain an Inventory of Accounts | Account Management | CIS Controls | — | Security | Control implemented and evidence collected for demo audit review.
8.2 | Collect Audit Logs | Audit Log Management | CIS Controls | — | Compliance | Control not applicable in this demo assessment scope.